diff options
author | Eric Paris <eparis@redhat.com> | 2010-11-16 06:52:49 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-11-17 13:54:35 -0500 |
commit | ee58681195bf243bafc44ca53f3c24429d096cce (patch) | |
tree | 938c3f2f2b6db4d43429c28f2ca67650e12829f1 /net/ipv4 | |
parent | da6836500414ae734cd9873c2d553db594f831e9 (diff) |
network: tcp_connect should return certain errors up the stack
The current tcp_connect code completely ignores errors from sending an skb.
This makes sense in many situations (like -ENOBUFFS) but I want to be able to
immediately fail connections if they are denied by the SELinux netfilter hook.
Netfilter does not normally return ECONNREFUSED when it drops a packet so we
respect that error code as a final and fatal error that can not be recovered.
Based-on-patch-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/tcp_output.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 05b1ecf36763..bb8f547fc7d2 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
@@ -2592,6 +2592,7 @@ int tcp_connect(struct sock *sk) | |||
2592 | { | 2592 | { |
2593 | struct tcp_sock *tp = tcp_sk(sk); | 2593 | struct tcp_sock *tp = tcp_sk(sk); |
2594 | struct sk_buff *buff; | 2594 | struct sk_buff *buff; |
2595 | int err; | ||
2595 | 2596 | ||
2596 | tcp_connect_init(sk); | 2597 | tcp_connect_init(sk); |
2597 | 2598 | ||
@@ -2614,7 +2615,9 @@ int tcp_connect(struct sock *sk) | |||
2614 | sk->sk_wmem_queued += buff->truesize; | 2615 | sk->sk_wmem_queued += buff->truesize; |
2615 | sk_mem_charge(sk, buff->truesize); | 2616 | sk_mem_charge(sk, buff->truesize); |
2616 | tp->packets_out += tcp_skb_pcount(buff); | 2617 | tp->packets_out += tcp_skb_pcount(buff); |
2617 | tcp_transmit_skb(sk, buff, 1, sk->sk_allocation); | 2618 | err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation); |
2619 | if (err == -ECONNREFUSED) | ||
2620 | return err; | ||
2618 | 2621 | ||
2619 | /* We change tp->snd_nxt after the tcp_transmit_skb() call | 2622 | /* We change tp->snd_nxt after the tcp_transmit_skb() call |
2620 | * in order to make this packet get counted in tcpOutSegs. | 2623 | * in order to make this packet get counted in tcpOutSegs. |